Trust, biometrics and mobile payments

Dave Birch

Global Ambassador,

Consult Hyperion

Mobey Day

Barcelona, October 2014

1 Attribution-ShareAlike 3.0Version 2, 13-Oct-14

It’s the convenience, stupid

Fingerprints can not lie,

but liars can make

fingerprints.

B. Geller et al.

“A chronological Review

of Fingerprint Forgery” in

J. Forensic Sciences

44(5), p.953 (1999)

Who are Consult Hyperion?

Practical and independent expertise

Please copy and distribute

Mobile paymentsDeep involvement in mobile payment programmes

around the world

Payment schemesTechnical authoring and consultancy on EMV payment

specifications, strategy, training & certification requirements.

TfL Future Ticketing StrategyEnabling open-loop payments in London

transport

Mobile POSEnabling card payment acceptance within a new

category of Merchants

.

From technology roadmap to business plan

We have the handsets

■ High smartphone penetration

We have the schemes

■ Visa, MC, Amex all on board

We have the terminals

■ mPowa, iZettle, Zinc

We have the technologies

■ HCE, HFC, BLE

We have new infrastructure

■ FPS, Bitcoin

But we don’t have mobile payments…

3 Please copy and distributeVersion 1, 10/13/2014

But mobile payments work…

They work, they really do

4 Please copy and distributeVersion 1, 10/13/2014

…and NFC, HCE and BLE work…

Apple, Google, MCX and the end of the phoney war (yuk yuk)

5 In commercial confidenceVersion 1, 13-Oct-14

…and mobile biometrics work…

“It’s not about payment. It’s about identity”

Jack Dorsey, Founder of Square and Twitter (New York Times, 22nd December 2013)

6 Please copy and distributeVersion 1, 10/13/2014

…but don’t have an ecosystem

Hhhmmmm….

7 Please copy and distributeVersion 1, 10/13/2014

Hello 1997

No voice-based authentication on my train pleeeeezzz

8 Please copy and distributeVersion 1, 10/13/2014

TouchID (September 2013)

Do you know fingerprints can be faked? I heard about a Japanese guy who

did it with jelly babies or something?

■ Yes, I know.

Your fingerprints are all over your phone, people could easily steal them.

■ Yes, I know.

Criminals might be able to find a way to make a fake finger and use it to buy

songs on iTunes

■ Yes, I know.

Researchers were able to reconstruct useable 3D models of fingers by

accessing stored templates

■ Yes, I know.

Person: So would you use the new Apple TouchID on your next iPhone?

■ Me: Of course.

9 Please copy and distributeVersion 1, 10/13/2014

ApplePay

In-store will soon be in-app (NFC is not the disruptive technology)

10 Please copy and distributeVersion 1, 10/13/2014

Raising the bar

In-store will soon be in-app (NFC is not the disruptive technology)

11 Please copy and distributeVersion 1, 10/13/2014

Mobile biometrics in the mass market

S5 with FIDO in TEE and fingerprint authentication

12 Please copy and distributeVersion 1, 10/13/2014

Conclusions

Mass market biometrics are about convenience, not security

Security is provided by a combination of factors, no reliance on any

single factor

We have used very structured risk analysis with our clients to find

the right combination of factors

Apple’s solution is of the type that we have consistently

recommended:

■ Biometric authentication (not identification)

■ Against a revocable security token (using standards)

■ Held in tamper-resistant storage (owned by the customer)

Convenience trumps trust every time. Every time.

13 Please copy and distributeVersion 1, 10/13/2014

So the mobile payments roadmap is clear?

Perhaps people are more prepared to consider alternatives to the “conventional”

money and payment systems

14 Please copy and distributeVersion 1, 10/13/2014

Tomorrow’s Transactions:

thought leadership from Consult Hyperion

Read www.chyp.com/media/blog

Listen www.chyp.com/media/podcasts

Visit www.chyp.com

Contact info@chyp.com

Follow @chyppings

Thank You

Consult Hyperion has helped some of the world’s leading organisations to make the

right technical and commercial choices within and around smart, mobile, contactless

transactions, including retail payments, identity management and transit ticketing.

Consult Hyperion is a trusted advisor adding product strategy, technical, regulatory,

compliance and information security expertise into project teams within

organisations considering deploying innovative new payment or identity services.

15 Version 1, 13-Oct-14 Please copy and distribute

In January 2013, David Birch was ranked Europe’s most influential commentator on

emerging payments and in August 2013 Wired magazine named him one of their global

top 15 sources of finance and business information.

One more thing…

“Identity is the New Money” (LPP: 24th April 2014)

144pp paperback / ISBN 978-1-907994-12-8

16 Please copy and distributeVersion 1, 10/13/2014

Birch doesn't claim to have all the answers. What he has

done is produce a bold, forward thinking book that grapples

with weighty issues in a concise and accessible way. Retail

Systems (May 2014).